I totally support Don's very complete and eloquent answer but here is a short and sweet one.  Try this link it lists every tool a beginning hacker will need.  Fyodor rocks!

http://sectools.org/

P.S. CEH covers a lot more then this but these are the best.

I agree with Apollo an IDS rule that triggers on posts would be the easiest and cheapest method.  You might also want to combine that with a string search based on your company name and variations.  That should give you a lot less false positives.

Wow!  I agree with you NickFnord that's kinda crappy of Microsoft to possibly be targeting a single format.  And to be aggressive enough to affect even files stored on share drives is a bit over the top.  I am definitely going to have to play around with this little "feature".

I just wanted to also add that while I don't really like the EC-Council's new continuing education system that you have to use to keep your CEH up to date it really isn't any worse then the CISSP.  I just wish EC-Council would make all their requirements exactly like ISC2 so I don't have to worry about if this education qualifies for CISSP but not CEH and then trying to make up the difference.  That is kinda a pain but the EC-Council's requirements for upkeep of their certifications are quite fair.

Hasslehawk,

I think you will find most people on this forum will agree that the CEH is an excellent entry level certification.  If you want to get into the IT security field and into penetration testing specifically the CEH is a good place to start.  As long as you realize that while the course is helpful it isn't a one stop shop.  Just because someone gets a CEH doesn't make them an experienced pentester able to run a full pentest all by themselves.  The material is a bit tool heavy (it concentrates on teaching all the different tools that are available) and some of it is a little out dated.

The CEH is great for getting your feet wet and finding out if you would really enjoy doing this type of work.  It gives you a good solid understanding of what kind of work a pentester does.  It tends to stay on the technical side of things though and doesn't get into reporting and procedural stuff very much.

If you are interested in getting into IT Security then by all means take the course/certification.  It is worth the money unless you are already an experienced pentester in which case there isn't much use taking an entry level cert like this.  I hope this helps.  Also if you search through this forum you will find many threads going over the pro's and con's of various security certifications.

I don't know if this is exactly what you are looking for but MIT has free online courseware with a large Mathematics section.  The courses have lots of lecture notes, presentations, and some recorded lectures.  If it doesn't help at least it is free!

http://ocw.mit.edu/OcwWeb/web/courses/courses/index.htm#Mathematics

Merry Christmas fellow geeks!

Well my goal is to get the GSE-Malware and I want to qualify to take the test the next time they offer it.  Which means I still need to get Silver for GCFA and GREM then get my white papers done so I can get gold in two of the three (GCIH, GCFA, or GREM).  My employer pays for any certifications I pass.  So as long as I don't fail and don't mind self study any GIAC Challenge exam I take is free for me.  On top of that I love IT security so I can't stop learning more and more.


... I love my job! 

I don't think we will see all that many "posers" for PCI Pen Tests.  The requirements to become a Qualified Security Assessor for PCI are fairly strict.  Any actual IT Security company could get certified but just having a person who can run Nessus isn't going to cut it to become a QSA. 

You can check out the requirements here.  Companies have to shell out some time and money to become certified.  Any individuals performing PCI security assessments have an annual training requirement.

I am still studying for the GCFA and the GREM so keep an eye out for more over the next few months.

Well they went fast.  Sorry everyone they are all gone now.

Hello everyone!  I have been taking a few GIAC challenge exams and since they give you two free practice tests with every exam I have a few extra.  If anyone is studying for the GPEN or GCIH and want some practice tests let me know.  You have to be registered on the SANS portal so I can "give away" the practice tests.

I have the following available:
GCIH (2)


Please PM me with your SANS portal ID if you would like any of these tests.  Also include which tests you want.

**** Update *****
Only two GCIH left now! 

I certainly wouldn't.  Knowing MIT students they may have other plans with the smart phones.  MIT students are legendary pranksters.

Cool!  Keep us posted on what you find out.

One problem you would run into Warzapping is that according to the article you have to preset which phone numbers can send the signal so you would have to spoof that.  Also I am guessing that the "message" you have to send is not standard but a customized "password/phrase" each individual user creates.  It would be really fun to play with though.